Windows Server 2012 ships with a rich set of PowerShell cmdlets to perform most of the Server for NFS share management operations. Using these cmdlets as building blocks, administrators can easily build backup and restore scripts for the NFS share settings and permissions that best suits their needs. This post demonstrates how Export-CliXml and Import-CliXml cmdlets can be used to backup and restore Server for NFS share settings.
Server for NFS share management cmdlets
Let us take a quick look at the Server for NFS share management cmdlets in Windows Server 2012. If you are not already familiar with these cmdlets please look at their help to get more details on using these cmdlets.
- Get-NfsShare – Enumerates shares on the server
- New-NfsShare – Creates a new share
- Remove-NfsShare – Deletes one or more shares
- Set-NfsShare – To modify the share settings
Share permission cmdlets
- Get-NfsSharePermission – Enumerates NFS share permissions
- Grant-NfsSharePermission – To add or modify share permissions
- Revoke-NfsSharePermission – To remove permission for a client
Exporting Shares Settings
The Export-CliXml cmdlet can be used to export the objects to XML files. Similarly the Import-CliXml cmdlet can be used to import the content of an XML files (generated using Export-CliXml) to their corresponding objects in Windows PowerShell. If you are not familiar with these cmdlets please refer to the PowerShell help section.
To export all the NFS shares on the server invoke Get-NfsShare and pipe the results to Export-CliXml cmdlet.
Running the above command saves only the share settings into the file. It does not save share permissions. Exporting share permission is covered in next section as the permissions are handled using another set of cmdlets.
The following share settings are exported to the file
To export a single share, use the following command. In addition you can also filter the shares that you want to save by using wild cards for the share name, path and network name. See Get-NfsShare help for more details on using it.
Exporting Share Permissions
To save permissions of all the shares, use Get-NfsShare first to enumerate all the shares on the server. Use a PowerShell pipeline to pass the result to Get-NfsSharePermission to get the permissions for each of the shares. The result of these two commands can then be saved to an export file using the Export-CliXml cmdlet.
Similarly to export the permissions of a single share specify the share name in Get-NfsSharePermission.
Importing Shares Settings
If you have an export file generated using the Export-CliXml containing the share configuration follow these steps to import them on Server for NFS running Windows Server 2012.
We have the choice of using either New-NfsShare or Set-NfsShare when performing the import operation. Use Set-NfsShare if the share already exists on the server and you would like to overwrite it with settings from the exported file.
To create new shares on the server using the export file, use Import-CliXml to read the export file and create objects that can be given as input to New-NfsShare. The following example creates new shares on the server.
The screen shot shows creation of new shares on the server after importing the shares from the export file.
If the shares already exist on the server, the settings of the shares can be restored to that of the export file by piping the output of Import-CliXml to Set-NfsShare cmdlet
Here is an example to show how this works.
The server has a share with name “ShareA”. The “AnonymousGid” and “AnonymousUid” properties of this share are -2 and -2 respectively. The export file “shares.xml” is imported and the share is modified using Set-NfsShare cmdlet which changes the “AnonymousGid” and “AnonymousUid” property of the share to 100 and 200 respectively.
Importing Share Permissions
Before we talk about importing share permissions let’s briefly look at the cmdlets that will be used to perform this operation.
A client can be granted readwrite, readonly or no access permission on a share. The client referred to here can be a host machine or a group such as netgroup or clientgroup. Grant-NfsSharePermission cmdlet can be used to add permission for a client if it doesn’t already exist. If permission for a client is already present on the share it can also be modified using same Grant-NfsSharePermisison cmdlet.
To remove client from the list of permissions on a share, use Revoke-NfsSharePermission.
Now let’s get back to importing share permissions from the file. If you have an exported file generated using Export-CliXml that contains the permissions for the shares, use this command to import those permissions.
The import command used above has following implications
- Permissions are added to the share if the permissions do not exist
- If the permission being imported exists both on the share and in the export file, then the client permission on the share will be overwritten
- If the permission being imported exists only the share but not in the export file, then the client permission on the share will be retained
Note: If you don’t want to retain existing share permissions on the share, remove them before importing from the file.
In this example, shareA has following share permissions
- Host machine “nfs-node1” has read write access and root access disabled
- Global permission also known as “All Machines” has read only access and root access is enabled.
The exported file has
- Host machine “nfs-fileserver” has read only permission
- “All Machines” has no access and root access is disabled.
After the import operation, the share permissions for ShareA would be
- The permission for host “nfs-fileserver” is added to the share
- The “All Machines” permission has changed from read only and root access enabled to no access and root access disabled.
- The permission for “nfs-node1” is retained and is not modified.
Please send feedback you might have to firstname.lastname@example.org